When Customers Require Compliance with Security Frameworks
- Compliance with many standards is simplified by using a segmented security strategy.
- Each cell in the segmented security matrix becomes a “container” or zone with its own controls and security configurations.
“We can now quickly configure and provision a partner’s security requirements by simply assigning their resources to an appropriate zone.”
As a supplier of products and services to a wide range of industries and manufacturers, Keysight Technologies must demonstrate compliance with the standards its customers and partners require. To that end, it must show compliance with many frameworks. “We use ISO 27000 as a broad standard,” says senior infrastructure security architect Chad Lorenc. “As a collection of security best practices that have been tested over time, it covers most of our requirements.” However, other customers have other requirements, so Lorenc must also show compliance with Payment Card Industry (PCI), Defense Federal Acquisition Regulation Supplement (DFARS), Personally Identifiable Information (PII) Security Policies, and other requirements.